Malicious PDF — malware analysis report

Static analysis result for SHA-256 6b1edb84584ccb70…

MALICIOUS

PDF

Size: 43.5 KB
Created: 2018-12-14 21:15:50 +03:00
Authoring application: FrameMaker 7.0 (via Acrobat Distiller 5.0.5 (Windows); modified using iText® 5.5.4 ©2000-2014 iText Group NV (AGPL-version))
MD5: e5e109740b69f64254979f63db0c2b5f
SHA-1: 63ff7016f38668f4c792e62e0e3f402a8699f0c0
SHA-256: 6b1edb84584ccb700bc4036bf6e052be6c86a3e44c353ccc34355e5f31fd1903
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. While no scripts were explicitly extracted, the nature of the embedded links suggests a potential attempt to manipulate search engine results or distribute further malicious content, possibly via a spearphishing attachment vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8738

Heuristics (2)

  • Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.